August 25, 2010 | 
Author In the previous post, I explains the core CS staging concepts and if you have not yet viewed , click below link for more detail.
Introduction to Commerceserver staging
In this article, we will learn how staging works. When you install commerce server staging (Note: staging is part of CS enterprise version), a service named “Commerce Server Staging” is installed and you can see it in services MMC. When ever we start a staging project, the replication (during transit, CS encrypts data using SHA algorithm) will happen under this account credentials. So, make sure you don’t run this service under network or local account instead run it under domain account. Apart from the service, three groups are created on the server and each group has it’s own significance.
- CSS_SG: commerce server staging service group have operator access to all projects. So, the service account under which the staging service runs is to be part of this group.
- CSS_Operators: commerce server operator group have operator access to manage projects.
- CSS_Administrators: commerce server administrators group have administrative access.
The below table explains security permissions between the groups.
| Task | CSS_Operators | CSS_Administrators |
| Add/remove/change projects and routes | NO | YES |
| Add/remove users from the projects | NO | YES |
| Add/remove servers | NO | YES |
| Change server properties | NO | YES |
| Start/stop/roll back staging projects | YES | YES |
| View project/route properties | YES | YES |
| Start/Stop staging service | YES | YES |
The users can able to access projects and routes in Staging MMC only if they are part of CSS_Operators or CSS_Administrators and make sure proper access to databases. I will explain more about sql security in my upcoming articles.
The below diagram explains how stage data is moved from source CSS server to destination CSS server.
- The staging operation starts when the user trigger project execution. Project execution can be done manually either through staging MMC or staging command line utility (CSS.EXE) or the execution process can be scheduled to run on a particular time/date.
- Based on the project name, CSS process loads information from configuration settings and initiates the process.
- Based on the destination settings, the source CSS informs all destination CSS systems about the execution so that they are aware and do the necessary imports.
- Based on setting, the data is extracted from commerce server or web folder or IIS.
- Once extract is done, the extracted data is moved to destination folders. Here Staging encryptions data using SHA algorithm so that the data transferred happens securely.
- Once the files are copied to the destination folder, the destination CSS loads the configuration and start importing data.
If you like this post, please click on our sponsor advertisement.
Posted in 
Tags: 
Hi
Can you please provide and overview of How CS import/export works. How CS identies which all products/items need to move from one environment to another and based on what criteria etc. ie internal logic of CS Import/export functionality
Thanks in Advance
Biju Thomas
There are two types of imports/expoerts? One is full export and second one is expression based export. One of that expression parameter is datetime. Commerce server tables holds a field named “LastModified” and staging service is intelligent enouch to fetch the records that are modified from last export. Hope this helps.
Regards,
-Ravi Kanth
Thanks Ravi
Do you have any documents/links regarding this?
Hi Ravi,
We are having our production servers (load balanced with Cisco network device) inside DMZ and planning to install Stage server in the LAN. DMZ and LAN are not trusted domains. I want to know how CSS will work in this case.
Thanks
Purush
Purush,
Good question – Staging works on file systems – that means, business data is exported into XML files and transferred to destinations on port no. 507. You can leverage way point server to achieve this goal. You have to check with your network team to get access to a server where it has access to both environments.
Hi Ravi,
Thanks for your response. Is XML file is written to a DMZ server (share) via port 507?
Does it require authentication to write? Is it configurable in destination setting?
eg: DMZ-DOMAIN\CSSUser and pwd: cleartext
From your documentation:
“Based on the destination settings, the source CSS informs all destination CSS systems about the execution so that they are aware and do the necessary imports” – Can CSS communicate to a server running on untrusted domian
Yes Purush, the XML transfer happens through TCP protocol on port 507 and it uses windows authentication. May be you can give a try of running the source and destination in two different domain accounts (which are not in trust) – literally the source & destination accounts should have R/W access to a folder and the source should able to connect/talk to destination.
Ravi,
Thank You. I think I need to try it out.
Do I need to use NT domain (CSS account) account to access SQL databases. Both for source and endpoint servers? Can I make CSS use SQL Accounts
Where the import process runs? will it run on the endpoint or will the source CSS exports and imports.
We are planning point-to-point topology
Thanks again
Purush